ERP Newsletter
 
NEWSLETTERS
 

CIO.com updates, insights and advice on technology, management and your career.

 CIO Enterprise Applications
 CIO ERP
 CIO Insider
More Newsletters | Edit Profile
 
RSS Feeds »
 
 
LEADERSHIP
 
CIO Executive Programs
The Leader in Face-to-Face Education for Senior Executives

Offering regional and national programs, CIO (and CSO) events bring together some of the most respected names and thought leaders in information technology and security. Presented by CIOs and other senior level executives, these invitation-only programs offer timely topics and strong networking. Learn More »

 
CIO Executive Council
A Peer-Advisory Service and Professional Association for CIOs

Mid-Market CIO Panel: Tips and Techniques for Improving Vendor Relationships

July 15, 4:00 PM - 5:00 PM U.S./Eastern (GMT-4)

We'll highlight relationship priorities and best practices identified in a Council study, and we'll interact with a CIO panel on the approaches they've used to improve strategic vendor partnerships.

Secrets of Successful Vendor Contract Negotiations for the Mid-Market

Sept. 10, 2009, 11:00 AM - 12:00 PM U.S./Eastern (GMT-4)

On this free public Council teleconference, Matthew A. Karlyn, attorney at Foley & Lardner in Boston, will share tips on negotiating tactics and new, creative contract terms to help mid-market CIOs make better deals.

Executive Competencies Assessment Tool

Assess Your Business Leadership Skills with the Council's new benchmarking tool. Rate yourself in change leadership, strategy, customer focus and more.

More / Register »

Learn more about the CIO Executive Council »



 
 
RESOURCE CENTER
 

buy a link »

Ads by TechWords
 
 
SUBSCRIBE TO CIO
 
Are you involved in setting the direction for your company's IT budget or strategy?

Apply today for a FREE subscription to CIO Magazine!

Subscription Services »
Reprints »

 
 
News
 

Auditor: IRS Doesn'T Check Cyberaudit Logs

The U.S. Internal Revenue Service's IT staff hasn't routinely checked its cybersecurity audit logs, according to a report released this week by the agency's inspector general's office.

 

By Grant Gross

December 16, 2008 — IDG News Service —

The U.S. Internal Revenue Service's IT staff hasn't routinely checked its cybersecurity audit logs, according to a report released this week by the agency's inspector general's office.

The IRS has effectively deployed intrusion detection systems at its Internet gateways, and it has used access controls for firewalls and routers, said the report, completed in July but released Monday. But the agency's IT staff weren't always saving or reviewing system audit logs, and clock settings on some firewalls and routers did not comply with IRS rules, the report said.

"These weaknesses increase the likelihood that intruders from the Internet could gain access to sensitive taxpayer data residing on the IRS network without being detected," the report said.

One IRS employee, the database administrator for routers, had access to router audit logs, even though IRS rules require that a worker outside the immediate IT staff responsible for routers have access for independent review, the report said. In addition, IRS IT staff did not save audit logs on two separate servers, as recommended in IRS guidelines.

The report, with large chunks redacted, recommends the IRS allow independent review of audit logs and establish procedures to save audit logs. It also recommended that the IRS regularly test its Internet gateways for compliance with standard security configurations. The IRS agreed with the recommendations, saying it planned to do bi-weekly compliance testing.

The report also said the IRS had unnecessary services enabled on routers, although the public version of the report does not tell what those services were.

"We have corrected many of the findings outlined in your report and are aggressively implementing additional changes to further protect our Internet gateways," Arthur Gonzalez, the IRS CIO, wrote in response to the report. "Your suggested recommendations are in adherence with standards that will further improve our security posture."

The IRS' parent agency, the Department of Treasury, received a failing grade for its 2007 cybersecurity efforts, according to a report card released in May. The annual report, released by the U.S. Congress, grades federal agencies' compliance with the Federal Information Security Management Act, or FISMA.

The IRS review was performed at the IRS Computer Security Incident Response Center and covered the period from February 2007 to March of this year.

Copyright © 2008 IDG News Service. All rights reserved. IDG News Service is a trademark of International Data Group, Inc.
 
 
Loading...
 
WHITE PAPERS

Communications Transformation Platform

The Communications Transformation Platform enables you to provide the services your customers demand - faster, cheaper and with less risk.
 

Global Change in the TV Industry

Capgemini and MediaXchange have captured key insight to the change across the TV industry.
 

5 Key Requirements of Quality Power

What your IT equipment needs from a UPS: The top five requirements that define "quality power" in the eyes of the power supplies in your IT systems.
 

The Gartner Magic Quadrant for IT PPM Applications

This report evaluates 19 vendors on their ability to execute and completeness of vision.
 

Best Practices to Mitigate Risk

Make SOX Efforts More Effective
 

Keep Your CMDB On Course

Learn how configuration drift can challenge configuration management database integrity.
 

WEBCASTS

Managing Client Systems in the Enterprise

Keeping client systems costs under control is just one of the many initiatives IT must address when trying to manag...
 

IT Consolidation Made Easy

The Primary IT Initiative for Reducing Costs
 

Webcast with Dan Vesset: Investing in Business Analytics Technology

What exactly is business analytics and why should you care? Dan Vesset of IDC and Gaurav Verma of SAS answer this a...
 

Capitalize on Your SAP Content

After 18 years of partnership and over 3,000 successful customer deployments, Open Text has become SAP's premier pa...
 

Enterprise Cloud Computing: Ready for Primetime?

The progression toward enterprise cloud computing is happening today, as industry leaders deploy technologies that ...
 

BSM in the Field, Practical Insights from Peter Armaly

Have you thought about BSM, but haven't quite gotten the buy-in you need? Get down and dirty with BSM installations...
 

Resource Alerts

Get instant email notifications by topic when white papers, webcasts, and case studies are added to our library.

 
FEATURED SPONSORS
 
 
 
SPONSORED LINKS
 

Taking the Service Desk to the Next Level

Communications and Collaboration Needs at Business Organizations

Using Open Source to Deploy Web Applications

Secondary Market Primer: Your Network at Half Price

Top-line Performance that's Bottom-line Efficient

Learn how a virtualized enterprise can help your company reduce costs

Why Isn't Server Virtualization Saving Us More?

Learn how to save 30% through project & portfolio management.

5 Steps to Automating Accounts Payable

BPM Survey Results: The Real-World Analysis

Ready to Act: 3 Recommendations for Agile Processes

Achieving Business Agility with Application Grid

Next Generation Enterprise Applications

Achieving Pervasive Performance Management

Smart Decisions: The Role of Key Performance Indicators

The Link Between Effective Online Business Banking and Web 2.0

64-page prescriptive guide to security, compliance, and IT operations.

Get Google Enterprise Search for your business information.

Accenture IT Consulting: Enabling high performance. More...

Top Five CIO Challenges

Insight makes it easy to spend your Microsoft subsidy check.

Five minute business analytics assessment. Immediate results.

Dangerous Collaboration Practices: 5 Ways IT Can Minimize Risk

Accenture: Outsourcing for uncertain times. Click to learn more.

Keep online transactions fast with CA Wily APM

Why Data Loss is Increasing--and What You Can Do About It

Learn how to managing client systems in the enterprise.

Build a High-Performance Open Web Platform

How Interactive Viewer Reduces the Effort to Meet Visualization Requirements

Stop Application Fraud at the Source with Device Reputation

Building the Virtualized Enterprise with VMware Infrastructure

The Global Marketplace Today: Strategies for Tough Times

Top 10 Business and IT Drivers for the Wealth Management Sector

8 Key Ingredients to Building an Internal Cloud

BPM: Leveraging Competencies and Streamlining Processes to Achieve Operational Excellence

White Paper: The Building Blocks for Cloud Computing

Craft a Strategy to Lower Your Total Cost of Ownership

A Natural User Interface for Enterprise Applications

Delivering Secure and Reliable Data through Spreadsheet Automation

Financial Institutions Need Rich Internet Applicatons

"Enterprise-Proven" is the Prerequisite for Enterprise SaaS Portal Solutions

Improve ROI, lower TCO and reduce energy consumption.

Introducing the new HP ProLiant G6 server family

Accenture: Outsourcing for Competitive Advantage. More...

Better spam protection with Postini for just $1/user/mo

Introducing the new HP ProLiant G6 server family

infoBOOM! - The Mid-Sized Company CIO's Exclusive Community

Accenture IT Consulting: Logical meets technological. More . . .

The Fraudster Economy Model: Operating a Business in the Underground

Payback in 9 months with CA Spectrum solutions